FOSSA is described as 'Offers automated license scanning, dependency analysis and reports at each commit. Get a process up an running in 60 seconds, without slowing down development' and is a vulnerability scanner in the security & privacy category. There are more than 10 alternatives to FOSSA, not only websites but also apps for a variety of platforms, including Linux, Windows, Mac and Self-Hosted apps. The best FOSSA alternative is HarborGuard. It's not free, so if you're looking for a free alternative, you could try HarborGuard or Mend Renovate. Other great sites and apps similar to FOSSA are spdx-tool, ScanCode, Black Duck Software and Mend Bolt.
HarborGuard is a unified security scanning platform that provides deep vulnerability analysis and visualization for Docker images using industry-leading security tools.
Mend Renovate is a software product that helps developers automate dependency updates by identifying new package versions and delivering them to the application's codebase. It can generate pull requests and issues in the repository with details about the updates, including...
Dependency-Track is an intelligent Software Supply Chain Component Analysis platform that allows organizations to identify and reduce risk from the use of third-party and open source components.
spdx-tool scans the source files to identify licenses used and it allows to update them in order to use the SPDX license format.
ScanCode is a suite of utilities used to scan a codebase for license, copyright and other interesting information that can be discovered in files.
Organizations worldwide use Black Duck products to secure and manage open source software, eliminating pain related to open source security vulnerabilities and open source license compliance.
Mend Bolt is designed to provide real-time security alerts and compliance issues related to your open source dependencies. It operates within Azure DevOps or GitHub, enabling you to identify and address open source vulnerabilities promptly.
FOSSology is an open source license compliance software system and toolkit. As a toolkit you can run license, copyright and export control scans from the command line. As a system, a database and web ui are provided to give you a compliance workflow.
Ninka is a lightweight license identification tool for source code. It is sentence-based, and provides a simple way to identify open source licenses in a source code file. It is capable of identifying several dozen different licenses (and their variations).
Slic scans a codebase and identifies the license of each file. It can be extended to identify new licenses or change its detection of existing ones.
Licensee is a Ruby gem that automates the process of reading LICENSE files and compares their contents to known licenses using several strategies.
Simplified license management of open source software for small organizations or departments.
Israel
United States
Canada